[BreachExchange] Simple Steps To Strengthen Your Network Security

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 29 18:58:14 EDT 2018


Digital transformation is accelerating the speed of business – and the
complexity of the network. Companies new to the market design a robust,
current security framework into the network from Day One. However, more
established companies don’t have that luxury. Instead, they add on security
solutions as the need arises.

This creates a patchwork effect that can create security gaps as the IT
team integrates these appliances that weren’t part of the design from the
start – gaps that cybercriminals are looking to exploit. Having several
different appliances that must be managed as one-off point solutions makes
the environment overly complex and adds costly overhead. This raises the
total cost of ownership and leaves a business dependent on the vendor or
vendors that sold the solution.

Cloud Changes the Security Game

For many organizations, security has been an after-the-fact activity.
Burdened IT teams have been largely reactive rather than proactive. The
possibility of a security breach and the penalties that would result have
been less of a concern than the possibility of slowing down the business
with a strict security protocol.

Reducing risk to an acceptable level without slowing down the speed of
business is the mandate for IT security teams today. This has been true for
the entire digital age. With the invention of the internet and how quickly
it was adopted as a platform for outreach, sales and marketing, security
was a secondary concern – the only thing that mattered was getting the
business online.

This stance was already troublesome, and in the cloud era it is
untenable. Businesses continue to host their data on someone else’s servers
and rely heavily on the provider for security, sometimes to a fault. For
example, in the Department of Defense (DoD) AWS breach, security was only as
good as the people implementing it. The DoD had all of the proper systems in
place, as did its AWS hosting, but a contractor left the S3 storage publicly
accessible, and top-secret data could be downloaded along with the system
image that was used for Linux-based virtual machines.

The threat landscape is ever-changing, and cloud computing poses a
particular challenge to those who are used to creating perimeter defenses
only. That’s because cloud computing, if not designed properly, is flat –
allowing for unchecked lateral movement. As a result, the focus has shifted
from keeping the attacker out (which, of course, is still important) to
figuring out how to determine if the network has already been breached and
what to do if it has.

Steps Toward Stronger Security

The IT security team and the business leaders of an organization must come
into alignment to keep the company secure and growing. Clear communication
between the two groups will allow them to lay out a plan where the business
can grow but also be secure. They can make sure that all of the proper
countermeasures are in place so that as the company’s footprint grows
on-premises or in the cloud, the attack surface remains as small as possible.

This plan will include treating all network traffic as untrustworthy,
minimizing privileges, and monitoring and controlling access. Organizations
need to adopt a “zero-trust model” and proactively inspect all network
traffic to validate the authenticity of user activity.

Specifics of the plan include:

- Segment networks and reduce single points of failure.
- Reduce access scope and rights.
- Look at cloud, app and database behavior to detect anomalies that can
indicate threats and compromise.
- Reduce the attack surface with patching and configuration control.
- Build resilience so teams and products can recover quickly from incidents.
- Consider using Network Behavior Anomaly Detection (NBAD) – the real-time
monitoring of a network for any unusual activity, trends or events.
- Consider using Endpoint Detection and Response (EDR), an emerging
technology. It is a category of tools and solutions that focus on
detecting, investigating and mitigating suspicious activities and issues on
hosts and endpoints.

Training: An Essential Component of Security

Employee education and training can’t be neglected as part of the security
strategy. Otherwise, all the time and money spent constructing strong
network defenses could be thwarted by one careless or ignorant employee.

Start training employees on Day One so that they start thinking about
cybersecurity best practices. Security should matter to everyone from the
admin to the CEO. This will build resilience into products and teams.

Security training should include these principles:

- Make sure your software is up to date.
- Make sure your antivirus software is up to date.
- Understand that hackers are targeting you constantly, and look out for
suspicious emails and calls from outsiders trying to obtain your
information (phishing).
- Use caution when clicking links online and in emails.
- Choose strong passwords and password management practices and solutions.
- Always back up your data in case of a ransomware attack.
- Keep sensitive data secure and off your laptops and mobile devices.
- Don’t leave your devices unattended.

Putting it all Together

Network security was hard enough when you only had to defend the perimeter.
Today, the cloud and the billions of endpoints that comprise the Internet
of Things have increased the challenge exponentially. Organizations can no
longer afford to merely add on security solutions as an afterthought; they
must instead be proactive in their security strategy. This includes making
sure employees understand their part in defending the network and its
critical data.